SMTP Relay in Office 365
We've been using the Office 365 SMTP service from our server for a few months now.
We started using option 1 (SMTP client submission) in the article "How to set up a multifunction device or application to send email using Office 365".
This option works, but does not perform well.
It takes 15-20 seconds to send each e-mail.
We need to send e-mails to addresses outside the organisation, so option 2 (direct send) was not an option, so we tried option 3 (Office 365 SMTP relay). I followed the instructions in the article, setting up a connector in our Office 365 portal Exchange admin page. I added the public IP address of our server in the connector setup.
As part of the setup, I used telnet to connect to the SMTP endpoint [our-domain-name.mail.protection.outlook.com] and was surprised that I could connect to this endpoint not only from our nominated IP address, but from other IP addresses. I tested further and found that I could also relay e-mails from other IP addresses, not just the one I nominated in the connector setup. I was only blocked from relaying an e-mail if the address I'm sending to is not an Office 365 address.
So, at this point, I can relay an e-mail from any SMTP client, on any computer, with no authentication, not using TLS, to anyone as long as both organisations use Office 365.
I don't believe this behaviour is by design. I would expect to not be able to use the SMTP relay from anywhere except the IP address nominated in the connector record.
That was by-design behaviour. Your endpoint points to Office 365 IP addresses shared by other customers. You were not in fact relaying by sending directly to those customers, as the messages could be delivered by us for the mailboxes hosted in Office 365. For the external mailboxes, it failed like you saw because the connector was not working.
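The distinction drawn in the reply above, between inbound delivery to mailboxes hosted in Office 365 and relay to external domains, shown as an added example that is not part of the original thread and not Microsoft's code. It is a simplified model of the decision; the tenant domains and IP addresses are constructed.

```python
# Simplified model (an assumption, not Microsoft's implementation) of how a
# shared Office 365 MX endpoint treats one unauthenticated RCPT TO.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Tenant:
    accepted_domains: set
    # Networks nominated in the tenant's connector (constructed values).
    connector_networks: list = field(default_factory=list)

    def owns_ip(self, source_ip):
        addr = ip_address(source_ip)
        return any(addr in ip_network(n) for n in self.connector_networks)


def decide(tenants, source_ip, rcpt_to):
    """Return (verdict, reason) for a recipient on the shared endpoint."""
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    # 1. Recipient is hosted by some tenant: ordinary inbound delivery, which
    #    any internet host may attempt. The connector is not consulted.
    if any(domain in t.accepted_domains for t in tenants):
        return ("accept", "inbound delivery to a hosted mailbox, not relay")
    # 2. External recipient: this is relay, allowed only when the source IP
    #    is attributed to a tenant through its connector.
    if any(t.owns_ip(source_ip) for t in tenants):
        return ("accept", "relay permitted by connector")
    return ("reject", "relay denied, source IP matches no connector")


# Constructed sample data: two tenants sharing the same endpoint.
TENANTS = [
    Tenant({"contoso.example"}, ["203.0.113.10/32"]),
    Tenant({"fabrikam.example"}),
]
# (source IP, recipient) pairs mirroring the tests described in the question.
SCENARIOS = [
    ("203.0.113.10", "user@outside.example"),    # nominated IP, external
    ("198.51.100.7", "user@fabrikam.example"),   # other IP, Office 365 tenant
    ("198.51.100.7", "user@outside.example"),    # other IP, external
]


def run_scenarios():
    return [decide(TENANTS, ip, rcpt)[0] for ip, rcpt in SCENARIOS]


if __name__ == "__main__":
    for (ip, rcpt), verdict in zip(SCENARIOS, run_scenarios()):
        print(f"{ip:15} -> {rcpt:24} {verdict}")
```

The model covers only the accept-or-relay decision; any filtering the service applies to accepted inbound mail is outside its scope.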